[Bug 219453] tcpmd5 kernel module regrassion

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon May 22 10:46:28 UTC 2017 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453

            Bug ID: 219453
           Summary: tcpmd5 kernel module regrassion
           Product: Base System
           Version: 11.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: zarychtam at plan-b.pwste.edu.pl

After upgrade from 11.0-STABLE r318137 to 11.1-PRERELEASE TCP MD5 signatures
cannot be verified, so bird session cannot be established.
Neither ISP, nor our side changed the configuration. Bird-1.6.3_1 was
recompiled from port, but it doesn't fix the trouble.

# cat /etc/ipsec.conf 
flush ;

add x.x.x.y x.x.x.x tcp 0x1000 -A tcp-md5 "Password1234" ;
add x.x.x.x x.x.x.y tcp 0x1001 -A tcp-md5 "Password1234" ;

# setkey -D
x.x.x.x x.x.x.y
        tcp mode=any spi=4097(0x00001001) reqid=0(0x00000000)
        A: tcp-md5  3647334d 72483753 4c4d5733
        seq=0x00000000 replay=0 flags=0x00000040 state=mature 
        created: May 22 12:25:03 2017   current: May 22 12:35:06 2017
        diff: 603(s)    hard: 0(s)      soft: 0(s)
        last: May 22 12:25:09 2017      hard: 0(s)      soft: 0(s)
        current: 6016(bytes)    hard: 0(bytes)  soft: 0(bytes)
        allocated: 94   hard: 0 soft: 0
        sadb_seq=1 pid=37398 refcnt=1
x.x.x.y x.x.x.x
        tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
        A: tcp-md5  3647334d 72483753 4c4d5733
        seq=0x00000000 replay=0 flags=0x00000040 state=mature 
        created: May 22 12:25:03 2017   current: May 22 12:35:06 2017
        diff: 603(s)    hard: 0(s)      soft: 0(s)
        last: May 22 12:25:08 2017      hard: 0(s)      soft: 0(s)
        current: 5680(bytes)    hard: 0(bytes)  soft: 0(bytes)
        allocated: 71   hard: 0 soft: 0
        sadb_seq=0 pid=37398 refcnt=1

# netstat -sp tcp | grep signature
        0 packets with matching signature received
        4601 packets with bad signature received
        42 times failed to make signature due to no SA
        0 times unexpected signature received
        30 times no signature provided by segment

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list